Published: 18/04/2016 Updated: 08/09/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

media/libmedia/IOMX.cpp in mediaserver in Android 4.x prior to 4.4.4, 5.0.x prior to 5.0.2, 5.1.x prior to 5.1.1, and 6.x prior to 2016-04-01 does not initialize a parameter data structure, which allows malicious users to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 4.4.3
google android 4.4.2
google android 4.1.2
google android 4.1
google android 6.0.1
google android 6.0
google android 4.4.1
google android 4.4
google android 4.0.4
google android 4.0.3
google android 5.0.1
google android 5.0
google android 4.2.2
google android 4.2.1
google android 4.2
google android 4.0
google android 5.1.0
google android 5.1
google android 4.3.1
google android 4.3
google android 4.0.2
google android 4.0.1

Source: bugschromiumorg/p/project-zero/issues/detail?id=711 Android: Information Disclosure in IOMX getConfig/getParameter Platform: Verified on google/razor/flo:601/MMB29O/2459718:user/release-keys Class: Information Disclosure Summary: The GET_CONFIG and GET_PARAMETER calls on IOMX are vulnerable to an information disclosure of unin ...

CWE-264 https://android.googlesource.com/platform/frameworks/av/+/1171e7c047bf79e7c93342bb6a812c9edd86aa84 http://source.android.com/security/bulletin/2016-04-02.html https://www.exploit-db.com/exploits/39685/https://nvd.nist.gov https://www.exploit-db.com/exploits/39685/

CVE-2016-2417

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect